One Click Password Changer

It would be great to be able to change all my passwords with one click instead of having to change them manually.

It’s not clear from your 1 sentence explanation how exactly proposed feature should work. Could you please fill the form and describe it deeper, provide some typical use-cases?

A Password Changer can automatically change the passwords for many of your saved websites by directly logging in to generating strong, unique passwords, then changing the passwords for those sites on your behalf.

Everything is done automatically. You will see the window showing the status of each password change and confirmations that your passwords were successfully changed.

2 Likes

An automated password changer sounds like a step above a premium feature.
A feature that you could set how often (either per saved login or for all passwords) you want your passwords changed. Also the feature should immediately and automatically change any password that has been compromised.

The Bitwarden software would have to know the site link where password changes are done from for each saved login.

For some sites this may not be possible as the sites want to send you a password or text to change your password, but it is possible for sites that only ask for the original password and the new password in order to change the current password.

I get exited thinking about this feature. If you didnt start using a password mgr as soon as you started using the internet, then its highly likely you have many sites with the same password, making many people more vulnerable. A feature like this could change all of that. Being the first software with such a feature, sounds like a game changer.

2 Likes

That’s a good idea.

I would like to change a few passwords from time to time, not all of them and not regularly, so a button to do that with an individual entry would be ideal.

This is a standard feature in LastPass Premium and Dashlane paid version.

4 Likes

Has anyone here actually used the automatic password changers in other password managers?

They’re not that great and only work for a few websites, most of which no one uses.

Every website is different and each must be programmed and kept updated because all websites change.

There is also the issue of where to change the password. For example, Dashlane does it on their server so that means your plaintext password exists outside your vault and on their server. Lastpass does it in the extension but it’s not as reliable as the conditions change because everyone’s web browsers are set up differently. That is why Dashlane does its sever side because they control the environment but that also means they see your plain text password when they do it.

Until websites adopt a standard for password managers to use to auto change passwords, this feature is not worth it.

Not only that, but this feature is not worth it once all your passwords are unique. Changing passwords often doesn’t help better secure you. You only need to change a password if you think it’s been breached or stolen. Until then the password can stay like it is because it’s unique.

3 Likes

As @dangostylver said, we will have to program each website.
But the power of bitwarden for me is the community, so we just have to create the generalized feature, including :

  • pop ups asking for mail / sms verification
  • auto totp login
  • (other features?)

And then, the community could add more and more websites slowly but surely.

I think it will be a huge feature and a game changer for bitwarden. Because as i know, Dashlane’s password changer is not powerfull, because not a lot of websites are available and it’s impossible for them to implement all websites.
But imagine with our community of developers that we could manage more websites than Bitwarden’s competitors.

It’s a god feature request but we could redo the 1st post for description… @mdc1022 may you edit it?

1 Like

@dangostylver I used autochanger in LastPass. Yes, this was not great, but 80% of my site creds were successfully changed.
I vote for, nice feature.

3 Likes

I studied about the topic for a dissertation, and there have been proposals that the community could share the password lifecycle endpoints of sites, and these could be upvoted by the rest of community…

For trivial sites like Facebook, Instagram, and the sorts, this should be easy to do (although they change their sites quite a lot).

For other types of websites, say, country-specific, there could be like a voting system. Has its downsides, but hopefully common sense could prevail.

Maybe for US sites, this feature would work quite nicely, but for other countries, I’m afraid it would just give a sense of frustration and false hope. Hence the upvoting.

EDIT: i just saw carefully what @pierrebssr said in his post. Basically the same suggestion, and i agree, it seems to be a lot of work

If bitwarden created a list of the sites, had people vote, then they could prioritize which sites has auto password rotation. Another idea would be the use of javscript plugin per login.

2 Likes

I think this must have features, many topics in Reddit ask for it

Hopefully to consider it soon

Definitely, this is a game changing feature as long it works nice and smoothly, which is something LastPass and Dashlane struggle with. Also agree with the above, what differentiates Bitwarden from it’s competitors is the community, so this is a feature that the community could own and I can easily see Bitwarden quickly amassing support for many, many websites over the likes of LastPass and it’s auto-changer.

This topic comes up in search results most often so I wish to bring to your attention the ‘well-known’ schema draft, which has a topic separately:

You can find the current W3C draft here: A Well-Known URL for Changing Passwords - it may be worth for the team to at least keep an eye on the draft as it evolves. I agree this is a great case for a premium feature.

3 Likes

Oh yes, we’re watching :slight_smile:

5 Likes

any news for that feature ? i think its very important !

Yup - a vote from me too; various known leaks have led to my needing to change passwords a few times this year, and I’m aware that my long list of passwords here includes some very old logins from sites I no longer / very rarely use which are probably (still) duplicates. I used to be with Lastpass too, and have used the password changer there. I’d be much more likely to change passwords more frequently - especially on more sensitive sites like my financial account and medical records - it if was easier to do. It would also be nice to get warnings when details are published online - like https://haveibeenpwned.com/ - and maybe monthly reports of which passwords have not been changed for 6M.

Hi @gaz - that is a good list of suggestions. Regarding warnings about exposed passwords, Bitwarden already makes this really easy to check - see the link below:

https://bitwarden.com/help/article/reports/

Hi @dh024 - thanks for the link, but I was thinking of an active alert that would pop up as a message in the web vault or the browser add-in. I know I can do my own check from time to time, but being told there’s a problem is a more immediate notification!

+1 on this, Chrome and Edge are implementing this too.

This seems to be reliant on these innovations where web developers can help automate the process:
https://web.dev/change-password-url/ (A well-known URL for password changes)
Password Form Styles that Chromium Understands - The Chromium Projects
& The HTML autocomplete attribute - HTML: HyperText Markup Language | MDN (autocomplete attribute to specify exactly what each field is for)

Despite the complexity of doing it (which is reducing as Developers get on board with the above) making it sound like a lot of work & ultra premium, at the end of the day it is good practice to make password changes easy and good for the user & security.

It is such a problem where the web has been lacking on, and why Password Managers like BitWarden are so important in closing that gap. It should be a standard feature.